docs/warning_types/CVE-2011-3186/index.markdown
Response splitting is a simple attack that can be used as part or a larger exploit chain. A malicious user sends data that causes the HTTP response header to include unintended newline characters which are interpreted as the end of the header. The attacker may then forge their own response body and an entirely false HTTP response, essentially hijacking the entire page load.
Versions of Rails 2 previous to 2.3.13 were vulnerable to this type of attack. The Rails 3 branch is not affected.
For more details see [CVE-2011-3186](http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768).